
Restrict Pollers to Specific IP and Interface

Guys, using NPM 11.5. We have tight security on our environment. As such, all networking kit use ACLs to determine what IP addresses they would respond to for SNMP queries etc. As such, we initially set up our NPM installation with 3 IP addresses:

  • 1 for IIS/NPM Web Interface
  • 1 for Syslog
  • 1 for device polling (all networking kit allow this IP address to SNMP query)

What we found is that, though the poller was tied to a specific address, it would still use the OS routing depending on what it was polling, and this meant it might send polling queries out one of the other interfaces. Can this be locked down to a specific interface?

Try looking at the network bindings under Advanced Options in 'Network Connections':

  1. Windows Key + R, type ncpa.cpl to get to the Network Connections window.
  2. Hold down 'alt' to see the hidden menu options, and click 'Advanced' and then 'Advanced Settings'.
  3. In 'Adapters and Bindings', note down the current order of your adapters, then set the NIC you use for SNMP polling as the topmost adapter.
    (Disclaimer: You may need to reboot the server for the change to take effect).

This should force all services on the server to use the polling adapter first (unless the app has a specific IP/interface binding set). See if this helps you.

- Jez Marsh

The question is - why is the OS based routing using other interfaces rather than the interface meant for device polling?


Well yes, that's what I am asking! If I have two interfaces on an NPM server with the following IPs:

  • 10.1.1.1/24
  • 11.1.1.1/24

and I have the poller bound to 11.1.1.1. When I poll 10.1.1.2 I need the source IP address of the SNMP or WMI poller to be 11.1.1.1.


Not going to happen -- the operating system is always going to use the directly connected interface over any other interface, regardless of any ordering.

[this is one of my standard interview questions for network engineers]

I also doubt you have a server with an IP address of 11.1.1.1 since that belongs to the US Department of Defence... Whois-RWS

[obfuscation of IP address prevents me from giving more specific command below]

If you need it to use a particular interface for remote networks then you need to set up routing on the host to prefer a gateway on a subnetwork connected to that interface.

If you did NOT have a directly connected interface to 10.1.1.0 then something like:

route -p ADD 10.1.1.0 MASK 255.255.255.0 11.1.1.100 IF 10

would cause interface 10 (and its IP address) to be used as the source for packets to hosts on 10.1.1.0/24

[our network is odd in that for /24 we put the gateway IP at .100 -- I have no idea why, it started decades ago and cannot change it now...]

We use this for polling specific blocks of IP addresses connected to different bits of the network where the default route is not good enough.

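An added example (not part of the original replies, and not SolarWinds code): a PowerShell audit that asks Windows, via Find-NetRoute, which source address and route it would pick for each polled node, and flags nodes whose polls would leave from an address the device ACLs do not permit. The addresses are the thread's illustrative ones plus one constructed node; `$PollingIP` and `$Nodes` are assumed names, and Find-NetRoute requires Windows Server 2012 or later.

```powershell
# Added example: which source IP will the OS use for each polled node?
# Run on the polling server. Values below are illustrative, not real.
$PollingIP = '11.1.1.1'                 # address the device ACLs permit (thread's example)
$Nodes     = '10.1.1.2', '172.16.5.20'  # nodes to check (second one is constructed)

$report = foreach ($node in $Nodes) {
    # Find-NetRoute returns two objects: the best local IP address
    # (MSFT_NetIPAddress) and the best route (MSFT_NetRoute).
    $result = Find-NetRoute -RemoteIPAddress $node
    $src    = $result | Where-Object { $_.IPAddress }         | Select-Object -First 1
    $route  = $result | Where-Object { $_.DestinationPrefix } | Select-Object -First 1

    [pscustomobject]@{
        Node           = $node
        SourceIP       = $src.IPAddress
        InterfaceIndex = $route.InterfaceIndex
        MatchedRoute   = $route.DestinationPrefix
        NextHop        = $route.NextHop          # 0.0.0.0 means on-link (directly connected)
        RouteMetric    = $route.RouteMetric
        PermittedByAcl = ($src.IPAddress -eq $PollingIP)
    }
}

# Full picture: one row per node with the route that won.
$report | Format-Table -AutoSize

# Nodes whose polls would be dropped by an ACL that only allows $PollingIP.
# Each one needs either a host route via the polling interface
# (only possible when the node is not on a directly connected subnet)
# or an ACL entry for the SourceIP shown.
$mismatch = $report | Where-Object { -not $_.PermittedByAcl }
if ($mismatch) {
    Write-Warning "$(@($mismatch).Count) node(s) would be polled from a non-permitted source address:"
    $mismatch | Select-Object Node, SourceIP, MatchedRoute, NextHop | Format-Table -AutoSize
}
```

Re-running the audit after adding a persistent route shows whether the matched route and source address changed as intended before any device ACL is relied on.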

Thanks for the replies guys. The IP addresses I was using (10.x.x.x etc) were solely for descriptive purposes. Basically, it doesn't appear that this can be accomplished. The poller seems to use the IP address of the interface it is using and chooses the interface based on the endpoint being polled. As such, it's nearly impossible to force all polling out a specific interface unless one has a very well defined network layout and uses local routing as outlined by Richard. I guess the only option to utilize all my NICs/bandwidth is to port channel everything up into one big pipe and use a single IP address for all services on the box.


I took it that the server had three physical network adapters, and he's trying to force the OS to use one of them over the others for applications; it's possible that ordering might help. I don't have anything to hand to lab this up with, however.

But if you want to be sure, then yeah, you'll need to use routing. That said, he'd need to add a route for each managed segment, if all polling traffic needs to go out of a specific interface.

- Jez Marsh

The poller's IP is for identification of the polling engine only. The devices are always polled using the OS routing. To the best of my knowledge, you need to address this at the OS level. Or, you will need to adjust your ACLs to match your OS routing.


Not 100% here but just thinking:

If the syslog is incoming, and the IIS is only needed on the main poller (which you can just assign no nodes to),

that leaves only the polling IP interface which needs the default gateway. If you subnet off your syslog then most everything it needs to poll should route out the default route interface, no?


Syslog is listening only so not really a concern. I just mentioned it to be thorough and describe our environment. We only have a single poller and it resides on the NPM server with IIS.
